WebKit Bugzilla
Attachment 343675 Details for Bug 186241: [JSC] Pass VM& to functions more
Patch: bug-186241-20180627110911.patch (text/plain), 49.10 KB, created by Yusuke Suzuki on 2018-06-26 19:09:13 PDT
>Subversion Revision: 233239 >diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog >index 9e997cf817c398b12c626106e64f472048cfc8d8..fe53ff597fca740f05a3affce2bbd9f48711d225 100644 >--- a/Source/JavaScriptCore/ChangeLog >+++ b/Source/JavaScriptCore/ChangeLog 
>@@ -1,3 +1,81 @@ >+2018-06-26 Yusuke Suzuki <utatane.tea@gmail.com> >+ >+ [JSC] Pass VM& to functions more >+ https://bugs.webkit.org/show_bug.cgi?id=186241 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ This patch threads VM& to functions requiring VM& more. >+ >+ * API/JSObjectRef.cpp: >+ (JSObjectIsConstructor): >+ * bytecode/AdaptiveInferredPropertyValueWatchpointBase.cpp: >+ (JSC::AdaptiveInferredPropertyValueWatchpointBase::install): >+ (JSC::AdaptiveInferredPropertyValueWatchpointBase::fire): >+ (JSC::AdaptiveInferredPropertyValueWatchpointBase::StructureWatchpoint::fireInternal): >+ (JSC::AdaptiveInferredPropertyValueWatchpointBase::PropertyWatchpoint::fireInternal): >+ * bytecode/AdaptiveInferredPropertyValueWatchpointBase.h: >+ * bytecode/CodeBlockJettisoningWatchpoint.cpp: >+ (JSC::CodeBlockJettisoningWatchpoint::fireInternal): >+ * bytecode/CodeBlockJettisoningWatchpoint.h: >+ * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp: >+ (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::install): >+ (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::fireInternal): >+ * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h: >+ * bytecode/StructureStubClearingWatchpoint.cpp: >+ (JSC::StructureStubClearingWatchpoint::fireInternal): >+ * bytecode/StructureStubClearingWatchpoint.h: >+ * bytecode/Watchpoint.cpp: >+ (JSC::Watchpoint::fire): >+ (JSC::WatchpointSet::fireAllWatchpoints): >+ * bytecode/Watchpoint.h: >+ * dfg/DFGAdaptiveInferredPropertyValueWatchpoint.cpp: >+ (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::handleFire): >+ * dfg/DFGAdaptiveInferredPropertyValueWatchpoint.h: >+ * dfg/DFGAdaptiveStructureWatchpoint.cpp: >+ (JSC::DFG::AdaptiveStructureWatchpoint::install): >+ (JSC::DFG::AdaptiveStructureWatchpoint::fireInternal): >+ * dfg/DFGAdaptiveStructureWatchpoint.h: >+ * dfg/DFGDesiredWatchpoints.cpp: >+ (JSC::DFG::AdaptiveStructureWatchpointAdaptor::add): >+ * llint/LLIntSlowPaths.cpp: >+ (JSC::LLInt::setupGetByIdPrototypeCache): >+ * 
runtime/ArrayPrototype.cpp: >+ (JSC::ArrayPrototype::tryInitializeSpeciesWatchpoint): >+ (JSC::ArrayPrototypeAdaptiveInferredPropertyWatchpoint::handleFire): >+ * runtime/ECMAScriptSpecInternalFunctions.cpp: >+ (JSC::esSpecIsConstructor): >+ * runtime/FunctionRareData.cpp: >+ (JSC::FunctionRareData::AllocationProfileClearingWatchpoint::fireInternal): >+ * runtime/FunctionRareData.h: >+ * runtime/InferredStructureWatchpoint.cpp: >+ (JSC::InferredStructureWatchpoint::fireInternal): >+ * runtime/InferredStructureWatchpoint.h: >+ * runtime/InternalFunction.cpp: >+ (JSC::InternalFunction::createSubclassStructureSlow): >+ * runtime/InternalFunction.h: >+ (JSC::InternalFunction::createSubclassStructure): >+ * runtime/JSCJSValue.h: >+ * runtime/JSCJSValueInlines.h: >+ (JSC::JSValue::isConstructor const): >+ * runtime/JSCell.h: >+ * runtime/JSCellInlines.h: >+ (JSC::JSCell::isConstructor): >+ (JSC::JSCell::methodTable const): >+ * runtime/JSGlobalObject.cpp: >+ (JSC::JSGlobalObject::init): >+ * runtime/ObjectPropertyChangeAdaptiveWatchpoint.h: >+ (JSC::ObjectPropertyChangeAdaptiveWatchpoint::ObjectPropertyChangeAdaptiveWatchpoint): >+ * runtime/ProxyObject.cpp: >+ (JSC::ProxyObject::finishCreation): >+ * runtime/ReflectObject.cpp: >+ (JSC::reflectObjectConstruct): >+ * runtime/StructureRareData.cpp: >+ (JSC::StructureRareData::setObjectToStringValue): >+ (JSC::ObjectToStringAdaptiveStructureWatchpoint::install): >+ (JSC::ObjectToStringAdaptiveStructureWatchpoint::fireInternal): >+ (JSC::ObjectToStringAdaptiveInferredPropertyValueWatchpoint::handleFire): >+ > 2018-06-26 Saam Barati <sbarati@apple.com> > > JSImmutableButterfly can't be allocated from a subspace with HeapCell::Kind::Auxiliary >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index f6df18469c1272170526a32c1e891a2b0156b861..2102aded01443a6ea37c2eaec9e8033544d85749 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog 
>@@ -1,3 +1,13 @@ >+2018-06-26 Yusuke Suzuki <utatane.tea@gmail.com> >+ >+ [JSC] Pass VM& to functions more >+ https://bugs.webkit.org/show_bug.cgi?id=186241 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * bindings/js/JSCustomElementRegistryCustom.cpp: >+ (WebCore::JSCustomElementRegistry::define): >+ > 2018-06-25 Yusuke Suzuki <utatane.tea@gmail.com> > > Remove static initializers more >diff --git a/Source/JavaScriptCore/API/JSObjectRef.cpp b/Source/JavaScriptCore/API/JSObjectRef.cpp >index e2a4e2a88a1afd99966dddc73f99d00dd06a7f2c..566b7362f1b5dfe49ef3d96cf5724ef4878fbf81 100644 >--- a/Source/JavaScriptCore/API/JSObjectRef.cpp >+++ b/Source/JavaScriptCore/API/JSObjectRef.cpp >@@ -630,9 +630,7 @@ bool JSObjectIsConstructor(JSContextRef ctx, JSObjectRef object) > JSLockHolder locker(vm); > if (!object) > return false; >- JSObject* jsObject = toJS(object); >- ConstructData constructData; >- return jsObject->methodTable(vm)->getConstructData(jsObject, constructData) != ConstructType::None; >+ return toJS(object)->isConstructor(vm); > } > > JSObjectRef JSObjectCallAsConstructor(JSContextRef ctx, JSObjectRef object, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception) >diff --git a/Source/JavaScriptCore/bytecode/AdaptiveInferredPropertyValueWatchpointBase.cpp b/Source/JavaScriptCore/bytecode/AdaptiveInferredPropertyValueWatchpointBase.cpp >index 3f02d4f39289b7df08442ae4299ce900bd9d3404..b26fbf6acc863a2adfe5201bb62edeb2207bbd39 100644 >--- a/Source/JavaScriptCore/bytecode/AdaptiveInferredPropertyValueWatchpointBase.cpp >+++ b/Source/JavaScriptCore/bytecode/AdaptiveInferredPropertyValueWatchpointBase.cpp 
>@@ -36,18 +36,20 @@ AdaptiveInferredPropertyValueWatchpointBase::AdaptiveInferredPropertyValueWatchp > RELEASE_ASSERT(key.kind() == PropertyCondition::Equivalence); > } > >-void AdaptiveInferredPropertyValueWatchpointBase::install() >+void AdaptiveInferredPropertyValueWatchpointBase::install(VM& vm) > { > RELEASE_ASSERT(m_key.isWatchable()); > >- m_key.object()->structure()->addTransitionWatchpoint(&m_structureWatchpoint); >+ Structure* structure = m_key.object()->structure(vm); > >- PropertyOffset offset = m_key.object()->structure()->getConcurrently(m_key.uid()); >- WatchpointSet* set = m_key.object()->structure()->propertyReplacementWatchpointSet(offset); >+ structure->addTransitionWatchpoint(&m_structureWatchpoint); >+ >+ PropertyOffset offset = structure->getConcurrently(m_key.uid()); >+ WatchpointSet* set = structure->propertyReplacementWatchpointSet(offset); > set->add(&m_propertyWatchpoint); > } > >-void AdaptiveInferredPropertyValueWatchpointBase::fire(const FireDetail& detail) >+void AdaptiveInferredPropertyValueWatchpointBase::fire(VM& vm, const FireDetail& detail) > { > // One of the watchpoints fired, but the other one didn't. Make sure that neither of them are > // in any set anymore. This simplifies things by allowing us to reinstall the watchpoints >@@ -61,11 +63,11 @@ void AdaptiveInferredPropertyValueWatchpointBase::fire(const FireDetail& detail) > return; > > if (m_key.isWatchable(PropertyCondition::EnsureWatchability)) { >- install(); >+ install(vm); > return; > } > >- handleFire(detail); >+ handleFire(vm, detail); > } > > bool AdaptiveInferredPropertyValueWatchpointBase::isValid() const 
>@@ -73,22 +75,22 @@ bool AdaptiveInferredPropertyValueWatchpointBase::isValid() const > return true; > } > >-void AdaptiveInferredPropertyValueWatchpointBase::StructureWatchpoint::fireInternal(const FireDetail& detail) >+void AdaptiveInferredPropertyValueWatchpointBase::StructureWatchpoint::fireInternal(VM& vm, const FireDetail& detail) > { > ptrdiff_t myOffset = OBJECT_OFFSETOF(AdaptiveInferredPropertyValueWatchpointBase, m_structureWatchpoint); > > AdaptiveInferredPropertyValueWatchpointBase* parent = bitwise_cast<AdaptiveInferredPropertyValueWatchpointBase*>(bitwise_cast<char*>(this) - myOffset); > >- parent->fire(detail); >+ parent->fire(vm, detail); > } > >-void AdaptiveInferredPropertyValueWatchpointBase::PropertyWatchpoint::fireInternal(const FireDetail& detail) >+void AdaptiveInferredPropertyValueWatchpointBase::PropertyWatchpoint::fireInternal(VM& vm, const FireDetail& detail) > { > ptrdiff_t myOffset = OBJECT_OFFSETOF(AdaptiveInferredPropertyValueWatchpointBase, m_propertyWatchpoint); > > AdaptiveInferredPropertyValueWatchpointBase* parent = bitwise_cast<AdaptiveInferredPropertyValueWatchpointBase*>(bitwise_cast<char*>(this) - myOffset); > >- parent->fire(detail); >+ parent->fire(vm, detail); > } > > } // namespace JSC >diff --git a/Source/JavaScriptCore/bytecode/AdaptiveInferredPropertyValueWatchpointBase.h b/Source/JavaScriptCore/bytecode/AdaptiveInferredPropertyValueWatchpointBase.h >index 98e33819378f57d36ace1624ebc80b5b349f2587..50d84ba888d51b9292037f1144e486bdbde2e2a3 100644 >--- a/Source/JavaScriptCore/bytecode/AdaptiveInferredPropertyValueWatchpointBase.h >+++ b/Source/JavaScriptCore/bytecode/AdaptiveInferredPropertyValueWatchpointBase.h 
>@@ -41,29 +41,29 @@ class AdaptiveInferredPropertyValueWatchpointBase { > > const ObjectPropertyCondition& key() const { return m_key; } > >- void install(); >+ void install(VM&); > > virtual ~AdaptiveInferredPropertyValueWatchpointBase() = default; > > protected: > virtual bool isValid() const; >- virtual void handleFire(const FireDetail&) = 0; >+ virtual void handleFire(VM&, const FireDetail&) = 0; > > private: > class StructureWatchpoint : public Watchpoint { > public: > StructureWatchpoint() { } > protected: >- void fireInternal(const FireDetail&) override; >+ void fireInternal(VM&, const FireDetail&) override; > }; > class PropertyWatchpoint : public Watchpoint { > public: > PropertyWatchpoint() { } > protected: >- void fireInternal(const FireDetail&) override; >+ void fireInternal(VM&, const FireDetail&) override; > }; > >- void fire(const FireDetail&); >+ void fire(VM&, const FireDetail&); > > ObjectPropertyCondition m_key; > StructureWatchpoint m_structureWatchpoint; >diff --git a/Source/JavaScriptCore/bytecode/CodeBlockJettisoningWatchpoint.cpp b/Source/JavaScriptCore/bytecode/CodeBlockJettisoningWatchpoint.cpp >index 50cf7378df3c0c8eef13cf324819ab7bf2be0227..c96d5a4d3f2c0616b18b58fc60e8065a4ea0ba5e 100644 >--- a/Source/JavaScriptCore/bytecode/CodeBlockJettisoningWatchpoint.cpp >+++ b/Source/JavaScriptCore/bytecode/CodeBlockJettisoningWatchpoint.cpp >@@ -32,7 +32,7 @@ > > namespace JSC { > >-void CodeBlockJettisoningWatchpoint::fireInternal(const FireDetail& detail) >+void CodeBlockJettisoningWatchpoint::fireInternal(VM&, const FireDetail& detail) > { > if (DFG::shouldDumpDisassembly()) > dataLog("Firing watchpoint ", RawPointer(this), " on ", *m_codeBlock, "\n"); >diff --git a/Source/JavaScriptCore/bytecode/CodeBlockJettisoningWatchpoint.h b/Source/JavaScriptCore/bytecode/CodeBlockJettisoningWatchpoint.h >index 635cd78caa62a666d88ed3ec8079ce3bc0ce901b..610261f6a558c52efd062ff213d2d52cdc8ee05c 100644 
>--- a/Source/JavaScriptCore/bytecode/CodeBlockJettisoningWatchpoint.h >+++ b/Source/JavaScriptCore/bytecode/CodeBlockJettisoningWatchpoint.h >@@ -39,7 +39,7 @@ class CodeBlockJettisoningWatchpoint : public Watchpoint { > } > > protected: >- void fireInternal(const FireDetail&) override; >+ void fireInternal(VM&, const FireDetail&) override; > > private: > CodeBlock* m_codeBlock; >diff --git a/Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp b/Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp >index d6cc22d5150df8ecdb8bb8a35c5acd2c57f71e50..eecd8fbc59a37eac92af8ab8088797e8f10fb309 100644 >--- a/Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp >+++ b/Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp >@@ -40,17 +40,17 @@ LLIntPrototypeLoadAdaptiveStructureWatchpoint::LLIntPrototypeLoadAdaptiveStructu > RELEASE_ASSERT(!key.watchingRequiresReplacementWatchpoint()); > } > >-void LLIntPrototypeLoadAdaptiveStructureWatchpoint::install() >+void LLIntPrototypeLoadAdaptiveStructureWatchpoint::install(VM& vm) > { > RELEASE_ASSERT(m_key.isWatchable()); > >- m_key.object()->structure()->addTransitionWatchpoint(this); >+ m_key.object()->structure(vm)->addTransitionWatchpoint(this); > } > >-void LLIntPrototypeLoadAdaptiveStructureWatchpoint::fireInternal(const FireDetail&) >+void LLIntPrototypeLoadAdaptiveStructureWatchpoint::fireInternal(VM& vm, const FireDetail&) > { > if (m_key.isWatchable(PropertyCondition::EnsureWatchability)) { >- install(); >+ install(vm); > return; > } > >diff --git a/Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h b/Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h >index 66468f0ef845bc3b7f6549d0eddb35038d358eb0..e0e1be8d07057bd6b611f8a5391d5d87b2a32d54 100644 >--- a/Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h 
>+++ b/Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h >@@ -36,12 +36,12 @@ class LLIntPrototypeLoadAdaptiveStructureWatchpoint : public Watchpoint { > LLIntPrototypeLoadAdaptiveStructureWatchpoint() = default; > LLIntPrototypeLoadAdaptiveStructureWatchpoint(const ObjectPropertyCondition&, Instruction*); > >- void install(); >+ void install(VM&); > > const ObjectPropertyCondition& key() const { return m_key; } > > protected: >- void fireInternal(const FireDetail&) override; >+ void fireInternal(VM&, const FireDetail&) override; > > private: > ObjectPropertyCondition m_key; >diff --git a/Source/JavaScriptCore/bytecode/StructureStubClearingWatchpoint.cpp b/Source/JavaScriptCore/bytecode/StructureStubClearingWatchpoint.cpp >index 3bd44532cd131efd6678774287c0c9ef31b44a7d..78163579b8781271ea4a16d6177a840a9800505e 100644 >--- a/Source/JavaScriptCore/bytecode/StructureStubClearingWatchpoint.cpp >+++ b/Source/JavaScriptCore/bytecode/StructureStubClearingWatchpoint.cpp >@@ -48,7 +48,7 @@ StructureStubClearingWatchpoint* StructureStubClearingWatchpoint::push( > return head.get(); > } > >-void StructureStubClearingWatchpoint::fireInternal(const FireDetail&) >+void StructureStubClearingWatchpoint::fireInternal(VM& vm, const FireDetail&) > { > if (!m_key || !m_key.isWatchable(PropertyCondition::EnsureWatchability)) { > // This will implicitly cause my own demise: stub reset removes all watchpoints. >@@ -59,7 +59,6 @@ void StructureStubClearingWatchpoint::fireInternal(const FireDetail&) > return; > } > >- VM& vm = *m_key.object()->vm(); > if (m_key.kind() == PropertyCondition::Presence) { > // If this was a presence condition, let's watch the property for replacements. This is profitable > // for the DFG, which will want the replacement set to be valid in order to do constant folding. 
>diff --git a/Source/JavaScriptCore/bytecode/StructureStubClearingWatchpoint.h b/Source/JavaScriptCore/bytecode/StructureStubClearingWatchpoint.h >index 665c56a986f0f6c50a54e030a8497075b4ff6a94..3c0a7fb4d612615811ab339b8ca95628bdc51130 100644 >--- a/Source/JavaScriptCore/bytecode/StructureStubClearingWatchpoint.h >+++ b/Source/JavaScriptCore/bytecode/StructureStubClearingWatchpoint.h >@@ -61,7 +61,7 @@ class StructureStubClearingWatchpoint : public Watchpoint { > std::unique_ptr<StructureStubClearingWatchpoint>& head); > > protected: >- void fireInternal(const FireDetail&) override; >+ void fireInternal(VM&, const FireDetail&) override; > > private: > ObjectPropertyCondition m_key; >diff --git a/Source/JavaScriptCore/bytecode/Watchpoint.cpp b/Source/JavaScriptCore/bytecode/Watchpoint.cpp >index 7ab385f585cc9031c46de5a9061cdfba8f204f89..b19adb4ebc0300276b75c9aee07cb5f287c6cf0d 100644 >--- a/Source/JavaScriptCore/bytecode/Watchpoint.cpp >+++ b/Source/JavaScriptCore/bytecode/Watchpoint.cpp >@@ -49,10 +49,10 @@ Watchpoint::~Watchpoint() > } > } > >-void Watchpoint::fire(const FireDetail& detail) >+void Watchpoint::fire(VM& vm, const FireDetail& detail) > { > RELEASE_ASSERT(!isOnList()); >- fireInternal(detail); >+ fireInternal(vm, detail); > } > > WatchpointSet::WatchpointSet(WatchpointState state) >@@ -137,7 +137,7 @@ void WatchpointSet::fireAllWatchpoints(VM& vm, const FireDetail& detail) > ASSERT(m_set.begin() != watchpoint); > ASSERT(!watchpoint->isOnList()); > >- watchpoint->fire(detail); >+ watchpoint->fire(vm, detail); > // After we fire the watchpoint, the watchpoint pointer may be a dangling pointer. That's > // fine, because we have no use for the pointer anymore. > } >diff --git a/Source/JavaScriptCore/bytecode/Watchpoint.h b/Source/JavaScriptCore/bytecode/Watchpoint.h >index 778fe16c3828ad224cbc1e3cdf0093d0a66f8788..caff418c86ea30c407f2b866535b3e7b17dc0bb4 100644 >--- a/Source/JavaScriptCore/bytecode/Watchpoint.h 
>+++ b/Source/JavaScriptCore/bytecode/Watchpoint.h >@@ -35,6 +35,8 @@ > > namespace JSC { > >+class VM; >+ > class FireDetail { > void* operator new(size_t) = delete; > >@@ -96,11 +98,11 @@ class Watchpoint : public BasicRawSentinelNode<Watchpoint> { > virtual ~Watchpoint(); > > protected: >- virtual void fireInternal(const FireDetail&) = 0; >+ virtual void fireInternal(VM&, const FireDetail&) = 0; > > private: > friend class WatchpointSet; >- void fire(const FireDetail&); >+ void fire(VM&, const FireDetail&); > }; > > enum WatchpointState { >diff --git a/Source/JavaScriptCore/dfg/DFGAdaptiveInferredPropertyValueWatchpoint.cpp b/Source/JavaScriptCore/dfg/DFGAdaptiveInferredPropertyValueWatchpoint.cpp >index f7b91c8d758429b1319169e925a4add3cd2b9dd4..5b4a23718d46b69cddf12dbefd6960fdf903e1c5 100644 >--- a/Source/JavaScriptCore/dfg/DFGAdaptiveInferredPropertyValueWatchpoint.cpp >+++ b/Source/JavaScriptCore/dfg/DFGAdaptiveInferredPropertyValueWatchpoint.cpp >@@ -40,7 +40,7 @@ AdaptiveInferredPropertyValueWatchpoint::AdaptiveInferredPropertyValueWatchpoint > { > } > >-void AdaptiveInferredPropertyValueWatchpoint::handleFire(const FireDetail& detail) >+void AdaptiveInferredPropertyValueWatchpoint::handleFire(VM&, const FireDetail& detail) > { > if (DFG::shouldDumpDisassembly()) > dataLog("Firing watchpoint ", RawPointer(this), " (", key(), ") on ", *m_codeBlock, "\n"); >diff --git a/Source/JavaScriptCore/dfg/DFGAdaptiveInferredPropertyValueWatchpoint.h b/Source/JavaScriptCore/dfg/DFGAdaptiveInferredPropertyValueWatchpoint.h >index 089cca6c7136cd5970b68235a8ce3553d418c8fb..6199a708de76ff7d828f2d55786740a4641d4047 100644 >--- a/Source/JavaScriptCore/dfg/DFGAdaptiveInferredPropertyValueWatchpoint.h >+++ b/Source/JavaScriptCore/dfg/DFGAdaptiveInferredPropertyValueWatchpoint.h 
>@@ -37,7 +37,7 @@ class AdaptiveInferredPropertyValueWatchpoint : public AdaptiveInferredPropertyV > AdaptiveInferredPropertyValueWatchpoint(const ObjectPropertyCondition&, CodeBlock*); > > private: >- void handleFire(const FireDetail&) override; >+ void handleFire(VM&, const FireDetail&) override; > > CodeBlock* m_codeBlock; > }; >diff --git a/Source/JavaScriptCore/dfg/DFGAdaptiveStructureWatchpoint.cpp b/Source/JavaScriptCore/dfg/DFGAdaptiveStructureWatchpoint.cpp >index d882071c7eb0b3a8b6d783ff113fee493e3360ba..d4a8b9a7d8c782bddb9c1e4ac71fcb254f0bd60d 100644 >--- a/Source/JavaScriptCore/dfg/DFGAdaptiveStructureWatchpoint.cpp >+++ b/Source/JavaScriptCore/dfg/DFGAdaptiveStructureWatchpoint.cpp >@@ -43,17 +43,17 @@ AdaptiveStructureWatchpoint::AdaptiveStructureWatchpoint( > RELEASE_ASSERT(!key.watchingRequiresReplacementWatchpoint()); > } > >-void AdaptiveStructureWatchpoint::install() >+void AdaptiveStructureWatchpoint::install(VM& vm) > { > RELEASE_ASSERT(m_key.isWatchable()); > >- m_key.object()->structure()->addTransitionWatchpoint(this); >+ m_key.object()->structure(vm)->addTransitionWatchpoint(this); > } > >-void AdaptiveStructureWatchpoint::fireInternal(const FireDetail& detail) >+void AdaptiveStructureWatchpoint::fireInternal(VM& vm, const FireDetail& detail) > { > if (m_key.isWatchable(PropertyCondition::EnsureWatchability)) { >- install(); >+ install(vm); > return; > } > >diff --git a/Source/JavaScriptCore/dfg/DFGAdaptiveStructureWatchpoint.h b/Source/JavaScriptCore/dfg/DFGAdaptiveStructureWatchpoint.h >index 40fcc1009f3fd60b560fd070491c0a500e27ec7c..c1f574f533926d4307b2de306d537f10bb7de472 100644 >--- a/Source/JavaScriptCore/dfg/DFGAdaptiveStructureWatchpoint.h >+++ b/Source/JavaScriptCore/dfg/DFGAdaptiveStructureWatchpoint.h 
>@@ -38,10 +38,10 @@ class AdaptiveStructureWatchpoint : public Watchpoint { > > const ObjectPropertyCondition& key() const { return m_key; } > >- void install(); >+ void install(VM&); > > protected: >- void fireInternal(const FireDetail&) override; >+ void fireInternal(VM&, const FireDetail&) override; > > private: > ObjectPropertyCondition m_key; >diff --git a/Source/JavaScriptCore/dfg/DFGDesiredWatchpoints.cpp b/Source/JavaScriptCore/dfg/DFGDesiredWatchpoints.cpp >index 84ba2dfac226e7ea0ddbc4e17ff9e9de670cc390..173d03e5f99cfafb31b715f6a0a8be4cbab7188f 100644 >--- a/Source/JavaScriptCore/dfg/DFGDesiredWatchpoints.cpp >+++ b/Source/JavaScriptCore/dfg/DFGDesiredWatchpoints.cpp >@@ -58,12 +58,13 @@ void InferredValueAdaptor::add( > void AdaptiveStructureWatchpointAdaptor::add( > CodeBlock* codeBlock, const ObjectPropertyCondition& key, CommonData& common) > { >+ VM& vm = *codeBlock->vm(); > switch (key.kind()) { > case PropertyCondition::Equivalence: >- common.adaptiveInferredPropertyValueWatchpoints.add(key, codeBlock)->install(); >+ common.adaptiveInferredPropertyValueWatchpoints.add(key, codeBlock)->install(vm); > break; > default: >- common.adaptiveStructureWatchpoints.add(key, codeBlock)->install(); >+ common.adaptiveStructureWatchpoints.add(key, codeBlock)->install(vm); > break; > } > } >diff --git a/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp b/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp >index c8d3e4714cefd9249feb9885f05fcf68b695e520..b10f00732cc166b4464f94664944a499ec677785 100644 >--- a/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp >+++ b/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp 
>@@ -676,7 +676,7 @@ static void setupGetByIdPrototypeCache(ExecState* exec, VM& vm, Instruction* pc, > return; > if (condition.condition().kind() == PropertyCondition::Presence) > offset = condition.condition().offset(); >- watchpoints.add(condition, pc)->install(); >+ watchpoints.add(condition, pc)->install(vm); > } > > ASSERT((offset == invalidOffset) == slot.isUnset()); >diff --git a/Source/JavaScriptCore/runtime/ArrayPrototype.cpp b/Source/JavaScriptCore/runtime/ArrayPrototype.cpp >index cc69f8b63c794283e2ace48d70f226a1a60bc11f..477475054911283ad30fc87e0ceb3582de98adb1 100644 >--- a/Source/JavaScriptCore/runtime/ArrayPrototype.cpp >+++ b/Source/JavaScriptCore/runtime/ArrayPrototype.cpp >@@ -238,7 +238,7 @@ static ALWAYS_INLINE std::pair<SpeciesConstructResult, JSObject*> speciesConstru > > constructor = thisObject->get(exec, vm.propertyNames->constructor); > RETURN_IF_EXCEPTION(scope, exceptionResult()); >- if (constructor.isConstructor()) { >+ if (constructor.isConstructor(vm)) { > JSObject* constructorObject = jsCast<JSObject*>(constructor); > if (exec->lexicalGlobalObject() != constructorObject->globalObject(vm)) > return std::make_pair(SpeciesConstructResult::FastPath, nullptr);; >@@ -1427,7 +1427,7 @@ class ArrayPrototypeAdaptiveInferredPropertyWatchpoint : public AdaptiveInferred > ArrayPrototypeAdaptiveInferredPropertyWatchpoint(const ObjectPropertyCondition&, ArrayPrototype*); > > private: >- void handleFire(const FireDetail&) override; >+ void handleFire(VM&, const FireDetail&) override; > > ArrayPrototype* m_arrayPrototype; > }; 
>@@ -1496,10 +1496,10 @@ void ArrayPrototype::tryInitializeSpeciesWatchpoint(ExecState* exec) > } > > m_constructorWatchpoint = std::make_unique<ArrayPrototypeAdaptiveInferredPropertyWatchpoint>(constructorCondition, this); >- m_constructorWatchpoint->install(); >+ m_constructorWatchpoint->install(vm); > > m_constructorSpeciesWatchpoint = std::make_unique<ArrayPrototypeAdaptiveInferredPropertyWatchpoint>(speciesCondition, this); >- m_constructorSpeciesWatchpoint->install(); >+ m_constructorSpeciesWatchpoint->install(vm); > > // We only watch this from the DFG, and the DFG makes sure to only start watching if the watchpoint is in the IsWatched state. > RELEASE_ASSERT(!globalObject->arraySpeciesWatchpoint().isBeingWatched()); >@@ -1512,15 +1512,15 @@ ArrayPrototypeAdaptiveInferredPropertyWatchpoint::ArrayPrototypeAdaptiveInferred > { > } > >-void ArrayPrototypeAdaptiveInferredPropertyWatchpoint::handleFire(const FireDetail& detail) >+void ArrayPrototypeAdaptiveInferredPropertyWatchpoint::handleFire(VM& vm, const FireDetail& detail) > { > auto lazyDetail = createLazyFireDetail("ArrayPrototype adaption of ", key(), " failed: ", detail); > > if (ArrayPrototypeInternal::verbose) > WTF::dataLog(lazyDetail, "\n"); > >- JSGlobalObject* globalObject = m_arrayPrototype->globalObject(); >- globalObject->arraySpeciesWatchpoint().fireAll(globalObject->vm(), lazyDetail); >+ JSGlobalObject* globalObject = m_arrayPrototype->globalObject(vm); >+ globalObject->arraySpeciesWatchpoint().fireAll(vm, lazyDetail); > } > > } // namespace JSC >diff --git a/Source/JavaScriptCore/runtime/ECMAScriptSpecInternalFunctions.cpp b/Source/JavaScriptCore/runtime/ECMAScriptSpecInternalFunctions.cpp >index 011e08f245873020461c6b5b7089e362e3cb7901..b30466059ae6553d7df5bbf197eceb062ee2c2a0 100644 >--- a/Source/JavaScriptCore/runtime/ECMAScriptSpecInternalFunctions.cpp >+++ b/Source/JavaScriptCore/runtime/ECMAScriptSpecInternalFunctions.cpp 
>@@ -35,7 +35,7 @@ namespace JSC { > > EncodedJSValue JSC_HOST_CALL esSpecIsConstructor(ExecState* exec) > { >- bool isConstructor = exec->uncheckedArgument(0).isConstructor(); >+ bool isConstructor = exec->uncheckedArgument(0).isConstructor(exec->vm()); > return JSValue::encode(jsBoolean(isConstructor)); > } > >diff --git a/Source/JavaScriptCore/runtime/FunctionRareData.cpp b/Source/JavaScriptCore/runtime/FunctionRareData.cpp >index dc3cb7dbab3e3a50609692bb8873475133d05ed8..3acb222708493c72375d561638ea080cfc9534dc 100644 >--- a/Source/JavaScriptCore/runtime/FunctionRareData.cpp >+++ b/Source/JavaScriptCore/runtime/FunctionRareData.cpp >@@ -90,7 +90,7 @@ void FunctionRareData::clear(const char* reason) > m_objectAllocationProfileWatchpoint.fireAll(*vm(), reason); > } > >-void FunctionRareData::AllocationProfileClearingWatchpoint::fireInternal(const FireDetail&) >+void FunctionRareData::AllocationProfileClearingWatchpoint::fireInternal(VM&, const FireDetail&) > { > m_rareData->clear("AllocationProfileClearingWatchpoint fired."); > } >diff --git a/Source/JavaScriptCore/runtime/FunctionRareData.h b/Source/JavaScriptCore/runtime/FunctionRareData.h >index 2c54eedd6f29b822b354d77910bfa57b1d994f03..f4f0275f78f35f84ef08175a846a8c428ae55dcc 100644 >--- a/Source/JavaScriptCore/runtime/FunctionRareData.h >+++ b/Source/JavaScriptCore/runtime/FunctionRareData.h >@@ -122,7 +122,7 @@ class FunctionRareData final : public JSCell { > : m_rareData(rareData) > { } > protected: >- void fireInternal(const FireDetail&) override; >+ void fireInternal(VM&, const FireDetail&) override; > private: > FunctionRareData* m_rareData; > }; >diff --git a/Source/JavaScriptCore/runtime/InferredStructureWatchpoint.cpp b/Source/JavaScriptCore/runtime/InferredStructureWatchpoint.cpp >index d39e86c101f03334153a85db23acf12d6104fe9b..3a8a1ba12f2427eabe25268051e571bca4c53025 100644 >--- a/Source/JavaScriptCore/runtime/InferredStructureWatchpoint.cpp 
>+++ b/Source/JavaScriptCore/runtime/InferredStructureWatchpoint.cpp >@@ -30,7 +30,7 @@ > > namespace JSC { > >-void InferredStructureWatchpoint::fireInternal(const FireDetail&) >+void InferredStructureWatchpoint::fireInternal(VM& vm, const FireDetail&) > { > InferredStructure* inferredStructure = > bitwise_cast<InferredStructure*>( >@@ -41,7 +41,7 @@ void InferredStructureWatchpoint::fireInternal(const FireDetail&) > if (!inferredType->isLive()) > return; > >- inferredType->removeStructure(*inferredType->vm()); >+ inferredType->removeStructure(vm); > } > > } // namespace JSC >diff --git a/Source/JavaScriptCore/runtime/InferredStructureWatchpoint.h b/Source/JavaScriptCore/runtime/InferredStructureWatchpoint.h >index c19523c9e127d604839c5ca15c34df3efa603fe9..629d089f5497781e457952416e2a41ab0ac871d5 100644 >--- a/Source/JavaScriptCore/runtime/InferredStructureWatchpoint.h >+++ b/Source/JavaScriptCore/runtime/InferredStructureWatchpoint.h >@@ -31,7 +31,7 @@ namespace JSC { > > class InferredStructureWatchpoint : public Watchpoint { > protected: >- void fireInternal(const FireDetail&) override; >+ void fireInternal(VM&, const FireDetail&) override; > }; > > } // namespace JSC >diff --git a/Source/JavaScriptCore/runtime/InternalFunction.cpp b/Source/JavaScriptCore/runtime/InternalFunction.cpp >index 73b5313d1addd15405c0e2b5884b76dee036c174..54dceba7d09c2d196d2372f4d6d87b33ebb4b19b 100644 >--- a/Source/JavaScriptCore/runtime/InternalFunction.cpp >+++ b/Source/JavaScriptCore/runtime/InternalFunction.cpp >@@ -115,7 +115,7 @@ Structure* InternalFunction::createSubclassStructureSlow(ExecState* exec, JSValu > { > VM& vm = exec->vm(); > auto scope = DECLARE_THROW_SCOPE(vm); >- ASSERT(!newTarget || newTarget.isConstructor()); >+ ASSERT(!newTarget || newTarget.isConstructor(vm)); > ASSERT(newTarget && newTarget != exec->jsCallee()); > > ASSERT(baseClass->hasMonoProto()); 
>diff --git a/Source/JavaScriptCore/runtime/InternalFunction.h b/Source/JavaScriptCore/runtime/InternalFunction.h >index 2dc5f2589c6ad09fdd1acfc2c919a098b02b4de2..244c4f72a8f6783cadb04c2f5d4187f8d9a1d98a 100644 >--- a/Source/JavaScriptCore/runtime/InternalFunction.h >+++ b/Source/JavaScriptCore/runtime/InternalFunction.h >@@ -98,7 +98,7 @@ ALWAYS_INLINE Structure* InternalFunction::createSubclassStructure(ExecState* ex > { > // We allow newTarget == JSValue() because the API needs to be able to create classes without having a real JS frame. > // Since we don't allow subclassing in the API we just treat newTarget == JSValue() as newTarget == exec->jsCallee() >- ASSERT(!newTarget || newTarget.isConstructor()); >+ ASSERT(!newTarget || newTarget.isConstructor(exec->vm())); > > if (newTarget && newTarget != exec->jsCallee()) > return createSubclassStructureSlow(exec, newTarget, baseClass); >diff --git a/Source/JavaScriptCore/runtime/JSCJSValue.h b/Source/JavaScriptCore/runtime/JSCJSValue.h >index 94d5a515e96c9f21aed82bb0bec9e6da69662af3..351b78ad31720221f8474b6c5c7fe006d20f8a91 100644 >--- a/Source/JavaScriptCore/runtime/JSCJSValue.h >+++ b/Source/JavaScriptCore/runtime/JSCJSValue.h >@@ -220,8 +220,8 @@ class JSValue { > bool isEmpty() const; > bool isFunction(VM&) const; > bool isCallable(VM&, CallType&, CallData&) const; >- bool isConstructor() const; >- bool isConstructor(ConstructType&, ConstructData&) const; >+ bool isConstructor(VM&) const; >+ bool isConstructor(VM&, ConstructType&, ConstructData&) const; > bool isUndefined() const; > bool isNull() const; > bool isUndefinedOrNull() const; >diff --git a/Source/JavaScriptCore/runtime/JSCJSValueInlines.h b/Source/JavaScriptCore/runtime/JSCJSValueInlines.h >index 4ab21bbb768ac6fe596c94621cfa50b51629af99..f7af868b73ba5f8adf53b9c5f922f6afe6a21fd4 100644 >--- a/Source/JavaScriptCore/runtime/JSCJSValueInlines.h >+++ b/Source/JavaScriptCore/runtime/JSCJSValueInlines.h 
>@@ -772,22 +772,18 @@ inline bool JSValue::isCallable(VM& vm, CallType& callType, CallData& callData) > return asCell()->isCallable(vm, callType, callData); > } > >-inline bool JSValue::isConstructor() const >+inline bool JSValue::isConstructor(VM& vm) const > { > if (!isCell()) > return false; >- JSCell* cell = asCell(); >- ConstructData ignored; >- return cell->methodTable()->getConstructData(cell, ignored) != ConstructType::None; >+ return asCell()->isConstructor(vm); > } > >-inline bool JSValue::isConstructor(ConstructType& constructType, ConstructData& constructData) const >+inline bool JSValue::isConstructor(VM& vm, ConstructType& constructType, ConstructData& constructData) const > { > if (!isCell()) > return false; >- JSCell* cell = asCell(); >- constructType = cell->methodTable()->getConstructData(cell, constructData); >- return constructType != ConstructType::None; >+ return asCell()->isConstructor(vm, constructType, constructData); > } > > // this method is here to be after the inline declaration of JSCell::inherits >diff --git a/Source/JavaScriptCore/runtime/JSCell.h b/Source/JavaScriptCore/runtime/JSCell.h >index 7c1f01973b6cdf33893e4cf3e6bce52d8becbaa2..ae6ef6cff99eb52a63700c9fa9390f92701d9184 100644 >--- a/Source/JavaScriptCore/runtime/JSCell.h >+++ b/Source/JavaScriptCore/runtime/JSCell.h >@@ -111,6 +111,8 @@ class JSCell : public HeapCell { > bool isProxy() const; > bool isFunction(VM&); > bool isCallable(VM&, CallType&, CallData&); >+ bool isConstructor(VM&); >+ bool isConstructor(VM&, ConstructType&, ConstructData&); > bool inherits(VM&, const ClassInfo*) const; > template<typename Target> bool inherits(VM&) const; > bool isAPIValueWrapper() const; >diff --git a/Source/JavaScriptCore/runtime/JSCellInlines.h b/Source/JavaScriptCore/runtime/JSCellInlines.h >index 234736e47612275c2765dcc2eda57f77f0e7e1b7..cda6a1ecb99bc3365ae269b6b270f38980a3545c 100644 >--- a/Source/JavaScriptCore/runtime/JSCellInlines.h 
>+++ b/Source/JavaScriptCore/runtime/JSCellInlines.h >@@ -247,6 +247,19 @@ inline bool JSCell::isCallable(VM& vm, CallType& callType, CallData& callData) > return callType != CallType::None; > } > >+inline bool JSCell::isConstructor(VM& vm) >+{ >+ ConstructType constructType; >+ ConstructData constructData; >+ return isConstructor(vm, constructType, constructData); >+} >+ >+inline bool JSCell::isConstructor(VM& vm, ConstructType& constructType, ConstructData& constructData) >+{ >+ constructType = methodTable(vm)->getConstructData(this, constructData); >+ return constructType != ConstructType::None; >+} >+ > inline bool JSCell::isAPIValueWrapper() const > { > return m_type == APIValueWrapperType; >@@ -282,9 +295,10 @@ inline const MethodTable* JSCell::methodTable() const > inline const MethodTable* JSCell::methodTable(VM& vm) const > { > Structure* structure = this->structure(vm); >+#if !ASSERT_DISABLED > if (Structure* rootStructure = structure->structure(vm)) >- ASSERT_UNUSED(rootStructure, rootStructure == rootStructure->structure(vm)); >- >+ ASSERT(rootStructure == rootStructure->structure(vm)); >+#endif > return &structure->classInfo()->methodTable; > } > >diff --git a/Source/JavaScriptCore/runtime/JSGlobalObject.cpp b/Source/JavaScriptCore/runtime/JSGlobalObject.cpp >index 6a9b78da8c3c24688f39da82a16b8c9c1298d84b..f46c85e6ac0a855f0d066117e95669a455be2dc0 100644 >--- a/Source/JavaScriptCore/runtime/JSGlobalObject.cpp >+++ b/Source/JavaScriptCore/runtime/JSGlobalObject.cpp 
>@@ -1015,64 +1015,64 @@ putDirectWithoutTransition(vm, vm.propertyNames-> jsName, lowerName ## Construct > > { > ObjectPropertyCondition condition = setupAdaptiveWatchpoint(arrayIteratorPrototype, m_vm.propertyNames->next); >- m_arrayIteratorPrototypeNext = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>(vm, condition, m_arrayIteratorProtocolWatchpoint); >- m_arrayIteratorPrototypeNext->install(); >+ m_arrayIteratorPrototypeNext = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>(condition, m_arrayIteratorProtocolWatchpoint); >+ m_arrayIteratorPrototypeNext->install(vm); > } > { > ObjectPropertyCondition condition = setupAdaptiveWatchpoint(this->arrayPrototype(), m_vm.propertyNames->iteratorSymbol); >- m_arrayPrototypeSymbolIteratorWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>(vm, condition, m_arrayIteratorProtocolWatchpoint); >- m_arrayPrototypeSymbolIteratorWatchpoint->install(); >+ m_arrayPrototypeSymbolIteratorWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>(condition, m_arrayIteratorProtocolWatchpoint); >+ m_arrayPrototypeSymbolIteratorWatchpoint->install(vm); > } > > { > ObjectPropertyCondition condition = setupAdaptiveWatchpoint(mapIteratorPrototype, m_vm.propertyNames->next); >- m_mapIteratorPrototypeNextWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>(vm, condition, m_mapIteratorProtocolWatchpoint); >- m_mapIteratorPrototypeNextWatchpoint->install(); >+ m_mapIteratorPrototypeNextWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>(condition, m_mapIteratorProtocolWatchpoint); >+ m_mapIteratorPrototypeNextWatchpoint->install(vm); > } > { > ObjectPropertyCondition condition = setupAdaptiveWatchpoint(m_mapPrototype.get(), m_vm.propertyNames->iteratorSymbol); >- m_mapPrototypeSymbolIteratorWatchpoint = 
std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>(vm, condition, m_mapIteratorProtocolWatchpoint); >- m_mapPrototypeSymbolIteratorWatchpoint->install(); >+ m_mapPrototypeSymbolIteratorWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>(condition, m_mapIteratorProtocolWatchpoint); >+ m_mapPrototypeSymbolIteratorWatchpoint->install(vm); > } > > { > ObjectPropertyCondition condition = setupAdaptiveWatchpoint(setIteratorPrototype, m_vm.propertyNames->next); >- m_setIteratorPrototypeNextWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>(vm, condition, m_setIteratorProtocolWatchpoint); >- m_setIteratorPrototypeNextWatchpoint->install(); >+ m_setIteratorPrototypeNextWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>(condition, m_setIteratorProtocolWatchpoint); >+ m_setIteratorPrototypeNextWatchpoint->install(vm); > } > { > ObjectPropertyCondition condition = setupAdaptiveWatchpoint(m_setPrototype.get(), m_vm.propertyNames->iteratorSymbol); >- m_setPrototypeSymbolIteratorWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>(vm, condition, m_setIteratorProtocolWatchpoint); >- m_setPrototypeSymbolIteratorWatchpoint->install(); >+ m_setPrototypeSymbolIteratorWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>(condition, m_setIteratorProtocolWatchpoint); >+ m_setPrototypeSymbolIteratorWatchpoint->install(vm); > } > > { > ObjectPropertyCondition condition = setupAdaptiveWatchpoint(m_stringIteratorPrototype.get(), m_vm.propertyNames->next); >- m_stringIteratorPrototypeNextWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>(vm, condition, m_stringIteratorProtocolWatchpoint); >- m_stringIteratorPrototypeNextWatchpoint->install(); >+ m_stringIteratorPrototypeNextWatchpoint = 
std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>(condition, m_stringIteratorProtocolWatchpoint); >+ m_stringIteratorPrototypeNextWatchpoint->install(vm); > } > { > ObjectPropertyCondition condition = setupAdaptiveWatchpoint(m_stringPrototype.get(), m_vm.propertyNames->iteratorSymbol); >- m_stringPrototypeSymbolIteratorWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>(vm, condition, m_stringIteratorProtocolWatchpoint); >- m_stringPrototypeSymbolIteratorWatchpoint->install(); >+ m_stringPrototypeSymbolIteratorWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>(condition, m_stringIteratorProtocolWatchpoint); >+ m_stringPrototypeSymbolIteratorWatchpoint->install(vm); > } > > { > ObjectPropertyCondition condition = setupAdaptiveWatchpoint(m_mapPrototype.get(), m_vm.propertyNames->set); >- m_mapPrototypeSetWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>(vm, condition, m_mapSetWatchpoint); >- m_mapPrototypeSetWatchpoint->install(); >+ m_mapPrototypeSetWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>(condition, m_mapSetWatchpoint); >+ m_mapPrototypeSetWatchpoint->install(vm); > } > > { > ObjectPropertyCondition condition = setupAdaptiveWatchpoint(m_setPrototype.get(), m_vm.propertyNames->add); >- m_setPrototypeAddWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>(vm, condition, m_setAddWatchpoint); >- m_setPrototypeAddWatchpoint->install(); >+ m_setPrototypeAddWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>(condition, m_setAddWatchpoint); >+ m_setPrototypeAddWatchpoint->install(vm); > } > > { > ObjectPropertyCondition condition = setupAdaptiveWatchpoint(numberPrototype(), m_vm.propertyNames->toString); >- m_numberPrototypeToStringWatchpoint = 
std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>(vm, condition, m_numberToStringWatchpoint); >- m_numberPrototypeToStringWatchpoint->install(); >+ m_numberPrototypeToStringWatchpoint = std::make_unique<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>>(condition, m_numberToStringWatchpoint); >+ m_numberPrototypeToStringWatchpoint->install(vm); > m_numberProtoToStringFunction.set(vm, this, jsCast<JSFunction*>(numberPrototype()->getDirect(vm, vm.propertyNames->toString))); > } > } >diff --git a/Source/JavaScriptCore/runtime/ObjectPropertyChangeAdaptiveWatchpoint.h b/Source/JavaScriptCore/runtime/ObjectPropertyChangeAdaptiveWatchpoint.h >index bf1a7db8d9dff3d071c082c14948f566d6ca5214..4e0c20905e6388d38415c7eae423413009304a04 100644 >--- a/Source/JavaScriptCore/runtime/ObjectPropertyChangeAdaptiveWatchpoint.h >+++ b/Source/JavaScriptCore/runtime/ObjectPropertyChangeAdaptiveWatchpoint.h >@@ -33,21 +33,19 @@ template<typename Watchpoint> > class ObjectPropertyChangeAdaptiveWatchpoint : public AdaptiveInferredPropertyValueWatchpointBase { > public: > using Base = AdaptiveInferredPropertyValueWatchpointBase; >- ObjectPropertyChangeAdaptiveWatchpoint(VM& vm, const ObjectPropertyCondition& condition, Watchpoint& watchpoint) >+ ObjectPropertyChangeAdaptiveWatchpoint(const ObjectPropertyCondition& condition, Watchpoint& watchpoint) > : Base(condition) >- , m_vm(vm) > , m_watchpoint(watchpoint) > { > RELEASE_ASSERT(watchpoint.stateOnJSThread() == IsWatched); > } > > private: >- void handleFire(const FireDetail&) override >+ void handleFire(VM& vm, const FireDetail&) override > { >- m_watchpoint.fireAll(m_vm, StringFireDetail("Object Property is changed.")); >+ m_watchpoint.fireAll(vm, StringFireDetail("Object Property is changed.")); > } > >- VM& m_vm; > Watchpoint& m_watchpoint; > }; 
> >diff --git a/Source/JavaScriptCore/runtime/ProxyObject.cpp b/Source/JavaScriptCore/runtime/ProxyObject.cpp >index f569ca59650a3b1274defe62b20817db5cde9212..7521dc95ec23fe347530a2d0e65e3897b187ac0b 100644 >--- a/Source/JavaScriptCore/runtime/ProxyObject.cpp >+++ b/Source/JavaScriptCore/runtime/ProxyObject.cpp >@@ -112,8 +112,7 @@ void ProxyObject::finishCreation(VM& vm, ExecState* exec, JSValue target, JSValu > RELEASE_ASSERT(info.implementsHasInstance() && info.implementsDefaultHasInstance()); > } > >- ConstructData ignoredConstructData; >- m_isConstructible = jsCast<JSObject*>(target)->methodTable(vm)->getConstructData(jsCast<JSObject*>(target), ignoredConstructData) != ConstructType::None; >+ m_isConstructible = jsCast<JSObject*>(target)->isConstructor(vm); > > m_target.set(vm, this, targetAsObject); > m_handler.set(vm, this, handler); >diff --git a/Source/JavaScriptCore/runtime/ReflectObject.cpp b/Source/JavaScriptCore/runtime/ReflectObject.cpp >index a433f6de5133a81dcea58b6f5cbf607d37a5816b..7999e346a88b4336c5fdb65a3ec3d823ed5b5e82 100644 >--- a/Source/JavaScriptCore/runtime/ReflectObject.cpp >+++ b/Source/JavaScriptCore/runtime/ReflectObject.cpp >@@ -101,13 +101,13 @@ EncodedJSValue JSC_HOST_CALL reflectObjectConstruct(ExecState* exec) > > ConstructData constructData; > ConstructType constructType; >- if (!target.isConstructor(constructType, constructData)) >+ if (!target.isConstructor(vm, constructType, constructData)) > return JSValue::encode(throwTypeError(exec, scope, "Reflect.construct requires the first argument be a constructor"_s)); > > JSValue newTarget = target; > if (exec->argumentCount() >= 3) { > newTarget = exec->argument(2); >- if (!newTarget.isConstructor()) >+ if (!newTarget.isConstructor(vm)) > return JSValue::encode(throwTypeError(exec, scope, "Reflect.construct requires the third argument be a constructor if present"_s)); > } 
> >diff --git a/Source/JavaScriptCore/runtime/StructureRareData.cpp b/Source/JavaScriptCore/runtime/StructureRareData.cpp >index a0375fb982fdf87179bca7057610f036b89e7b65..8984ce91956a81d51ad0d5233630e699e36deb53 100644 >--- a/Source/JavaScriptCore/runtime/StructureRareData.cpp >+++ b/Source/JavaScriptCore/runtime/StructureRareData.cpp >@@ -91,7 +91,7 @@ class ObjectToStringAdaptiveInferredPropertyValueWatchpoint : public AdaptiveInf > > private: > bool isValid() const override; >- void handleFire(const FireDetail&) override; >+ void handleFire(VM&, const FireDetail&) override; > > StructureRareData* m_structureRareData; > }; >@@ -100,10 +100,10 @@ class ObjectToStringAdaptiveStructureWatchpoint : public Watchpoint { > public: > ObjectToStringAdaptiveStructureWatchpoint(const ObjectPropertyCondition&, StructureRareData*); > >- void install(); >+ void install(VM&); > > protected: >- void fireInternal(const FireDetail&) override; >+ void fireInternal(VM&, const FireDetail&) override; > > private: > ObjectPropertyCondition m_key; >@@ -160,9 +160,9 @@ void StructureRareData::setObjectToStringValue(ExecState* exec, VM& vm, Structur > for (ObjectPropertyCondition condition : conditionSet) { > if (condition.condition().kind() == PropertyCondition::Presence) { > m_objectToStringAdaptiveInferredValueWatchpoint = std::make_unique<ObjectToStringAdaptiveInferredPropertyValueWatchpoint>(equivCondition, this); >- m_objectToStringAdaptiveInferredValueWatchpoint->install(); >+ m_objectToStringAdaptiveInferredValueWatchpoint->install(vm); > } else >- m_objectToStringAdaptiveWatchpointSet.add(condition, this)->install(); >+ m_objectToStringAdaptiveWatchpointSet.add(condition, this)->install(vm); > } > > m_objectToStringValue.set(vm, this, value); 
>@@ -185,20 +185,20 @@ ObjectToStringAdaptiveStructureWatchpoint::ObjectToStringAdaptiveStructureWatchp > RELEASE_ASSERT(!key.watchingRequiresReplacementWatchpoint()); > } > >-void ObjectToStringAdaptiveStructureWatchpoint::install() >+void ObjectToStringAdaptiveStructureWatchpoint::install(VM& vm) > { > RELEASE_ASSERT(m_key.isWatchable()); > >- m_key.object()->structure()->addTransitionWatchpoint(this); >+ m_key.object()->structure(vm)->addTransitionWatchpoint(this); > } > >-void ObjectToStringAdaptiveStructureWatchpoint::fireInternal(const FireDetail&) >+void ObjectToStringAdaptiveStructureWatchpoint::fireInternal(VM& vm, const FireDetail&) > { > if (!m_structureRareData->isLive()) > return; > > if (m_key.isWatchable(PropertyCondition::EnsureWatchability)) { >- install(); >+ install(vm); > return; > } > >@@ -216,7 +216,7 @@ bool ObjectToStringAdaptiveInferredPropertyValueWatchpoint::isValid() const > return m_structureRareData->isLive(); > } > >-void ObjectToStringAdaptiveInferredPropertyValueWatchpoint::handleFire(const FireDetail&) >+void ObjectToStringAdaptiveInferredPropertyValueWatchpoint::handleFire(VM&, const FireDetail&) > { > m_structureRareData->clearObjectToStringValue(); > } >diff --git a/Source/WebCore/bindings/js/JSCustomElementRegistryCustom.cpp b/Source/WebCore/bindings/js/JSCustomElementRegistryCustom.cpp >index 00ae0dae4152192883be4dd9f0743fc9fd586b0c..b7181dd0855c842fc87d727d2a2644bcb96c041d 100644 >--- a/Source/WebCore/bindings/js/JSCustomElementRegistryCustom.cpp >+++ b/Source/WebCore/bindings/js/JSCustomElementRegistryCustom.cpp >@@ -95,7 +95,7 @@ JSValue JSCustomElementRegistry::define(ExecState& state) > RETURN_IF_EXCEPTION(scope, JSValue()); > > JSValue constructorValue = state.uncheckedArgument(1); >- if (!constructorValue.isConstructor()) >+ if (!constructorValue.isConstructor(vm)) > return throwTypeError(&state, scope, "The second argument must be a constructor"_s); > JSObject* constructor = constructorValue.getObject(); >
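Review bot: In the JSCellInlines.h hunk at `@@ -282,9 +295,10 @@` (`JSCell::methodTable(VM&)`), replacing `ASSERT_UNUSED(rootStructure, ...)` with an `#if !ASSERT_DISABLED` block is not part of threading VM&, and it changes what is compiled when assertions are off: the `structure->structure(vm)` load is now removed from the source instead of being left to the optimizer. Please call this out in the ChangeLog entry for JSCellInlines.h, since the new `JSCell::isConstructor(VM&, ...)` added in the same file dispatches through `methodTable(vm)` and the root-structure check stays debug-only. The blank line before `return &structure->classInfo()->methodTable;` was also dropped; keeping it after `#endif` would read better.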
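Review bot: In the JSGlobalObject.cpp hunk at `@@ -1015,64 +1015,64 @@`, every block builds its condition with `m_vm.propertyNames->...` and then calls `install(vm)` on the next line, so two names for the VM sit side by side. Use the local `vm` throughout, as `m_numberProtoToStringFunction.set(vm, this, ...)` already does at the end of the hunk. Since the `ObjectPropertyChangeAdaptiveWatchpoint` constructor no longer takes a VM, the eleven identical `std::make_unique<...>(condition, set)` plus `->install(vm)` pairs could also be folded into one small local helper.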
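Review bot: In the ObjectPropertyChangeAdaptiveWatchpoint.h hunk, dropping `m_vm` means `handleFire(VM& vm, const FireDetail&)` now forwards whatever VM the firing code supplies into `m_watchpoint.fireAll(vm, ...)`, and nothing in this class states which VM that has to be. A one-line comment on `handleFire` saying that the caller passes the VM the watched object belongs to would keep that contract visible now that the constructor no longer records it.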
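Review bot: In the ProxyObject.cpp hunk (`ProxyObject::finishCreation`), the new line casts again with `jsCast<JSObject*>(target)->isConstructor(vm)` although `targetAsObject` is already in scope; it is passed to `m_target.set(vm, this, targetAsObject)` two lines below. Suggest `m_isConstructible = targetAsObject->isConstructor(vm);` so the constructibility check and the stored target visibly refer to the same object.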